  • Home
  • Teaching Schedule
  • Resources
  • Chad Tilbury
 

Resources

Selected articles

Offline Autoruns Revisited - Auditing Malware Persistence

Investigating WMI Attacks

Reconnaissance Detection

Investigating PowerShell: Command and Script Logging

Device Profiling with Windows Prefetch

ESE Databases are Dirty!

What is New in Windows Application Execution?

Mo’ Shells Mo’ Problems – Web Server Log Analysis

Getting Started with Linux Memory Forensics

Computer Forensics How-To: Microsoft Log Parser

NTFS $I30 Index Attributes: Evidence of Deleted and Overwritten Files

OpenSaveMRU and LastVisitedMRU

Finding Registry Malware Persistence with RECmd

Cloud Storage Acquisition from Endpoint Devices

SANS FOR500: Windows Forensic Analysis - Updated for Windows 11 and Beyond

Power Up Memory Forensics with Memory Baseliner

Updated Windows Forensic Analysis Poster


Workshops

https://www.sans.org/webcasts/tech-tuesday-workshop-cobalt-strike-detection-log-analysis-119395/

Cobalt_Strike_Detection_via_Log_Analysis.pdf

Videos

Slides

Cobalt_Strike_Threat_Hunting-Tilbury.pdf
Investigating_WMI_Attacks_Tilbury_2018.pdf
Know_Your_Credentials_2017_Tilbury.pdf
LessonsIncidentResponse_2016_PREZ.pdf
Tracking_Deep_Panda_Web_Shells_2013_Tilbury.pdf
Geolocation_Forensics_2013_Tilbury.pdf
APT_Hiding_in_Plain_Sight_2011_Tilbury.pdf


Copyright © 2008-2023 Chad Tilbury.  All rights reserved. 